On Wed, Mar 02, 2005 at 04:19:50PM -0300, Felipe Augusto van de Wiel (faw) wrote:
I don't exactly, but, if you already allow your
users to use sudo/su solutions, why are you trying to
change it and... if you are planning to use any "non
encrypted" authentication protocol over the network,
your users will have access to things like "root pass".
Letting users run tcpdump with root privs opens a lot more
vulnerabilities than letting them sniff without root privs. (E.g., with
the sudo approach they can clobber or possibly read arbitrary files on
the local system.) People tend to run around advocating sudo everywhere
when in fact doing so is *a lot* more dangerous than a real
least-privilege system.
Mike Stone
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
